Re: Email Pen-testing
From: Michael Richardson (mcr_at_sandelman.ottawa.on.ca)
Date: 03/24/04
- Previous message: Jerry Shenk: "RE: FTP Window of opportunity?"
- In reply to: Frank Knobbe: "RE: Email Pen-testing"
- Next in thread: hwertz_at_voltron.homelinux.org: "Re: Email Pen-testing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: pen-test@securityfocus.com Date: Wed, 24 Mar 2004 14:42:37 -0500
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Frank" == Frank Knobbe <frank@knobbe.us> writes:
Frank> an Incident Response Exercise to test the response capabilities of a
Frank> client. You are less concerned about getting root but instead try to
Frank> operate stealthy or in an otherwise defined pattern, attempting to
Frank> penetrate, but allowing others to take notes of the response
Frank> procedures of the clients incident response team.
Like, for instance, do the IT people even know who to call once they
have "caught" you?
In Canada, the responsability for "computer crime" devolved from the
RCMP to the local police forces. Alas, the knowledge and experience did
not get passed down. The Ottawa police, as competent as they are for
most things, spends all their computer time tracking down child porn and
stalkers. If you call them and say, "I'm from Corporation FOO, my
firewall was compromised", they offer to send ... the fire department.
So, in Ottawa at least, my conclusion is that there isn't a number
that can be called anymore.
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQGHkrIqHRg3pndX9AQG4hQP/St4ihxRjdcZSYPne59pUM5//BI05iP1H
zU7ZkqcbKvtqi6uKV08/xUxJldOeH9P7S7tM+NtfcEq0JNTYRKpj8q7IxLSgkd5g
M+J4GM4T2k+QSBVPoG2aHAXpHrOZlSlDYWlyoqhF0gVCBf6tZoBs5aSsbgqWNa7P
ZpEqgBErn9E=
=Hrq3
-----END PGP SIGNATURE-----
---------------------------------------------------------------------------
You're a pen tester, but is google.com still your R&D team?
Now you can get trustworthy commercial-grade exploits and the latest
techniques from a world-class research group.
www.coresecurity.com/promos/sf_ept1
----------------------------------------------------------------------------
- Previous message: Jerry Shenk: "RE: FTP Window of opportunity?"
- In reply to: Frank Knobbe: "RE: Email Pen-testing"
- Next in thread: hwertz_at_voltron.homelinux.org: "Re: Email Pen-testing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
